RS.AN-03: Analysis is performed to establish what has taken place during an incident and the root cause of the incident

[Note: Subcategories do not have detailed descriptions. However, NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: Determine the sequence of events that occurred during the incident and which assets and resources were involved in each event

Ex2: Attempt to determine what vulnerabilities, threats, and threat actors were directly or indirectly involved in the incident

Ex3: Analyze the incident to find the underlying, systemic root causes

Ex4: Check any cyber deception technology for additional information on attacker behavior